On the System

  1. From the Network Security Main Menu, choose option 4 ‘Work with Security by Object’.
  2. Start with option 1 to create an Object List. Name the object list something descriptive that helps you identify the unique set of object(s) that will be included in the list. You may have multiple lists, each with their own objects.
  3. The Type field includes two possible values which indicate where the objects reside. ‘Q’ objects are native objects where ‘I’ objects are IFS path objects. They are separate because the programs needed to identify and test these objects are very different and cannot be combined.
  4. Once the list is created, add the entries (Objects). Use option 8 ‘Work with Entries’ to add objects. You may at any time add or remove objects to the list even after the rules are active.
  5. Next, add the user profiles or the IBM i group profile name that will be subject to the object list rules. To do so, use option 9 from the Work with Object Lists screen ‘Object Rules using Object List’. During the profile addition step, the Operation (e.g. *CREATE, *READ, *UPDATE, *DELETE, *ALL) will be made along with the Authority desired (e.g. *OS400, *REJECT, *SWITCH) for that object data and the object itself.
  6. Finally, select the servers you wish to apply the object rules to. You may also manually apply the Object rules by accessing the server and inserting the authority of *MEMOBJ. The existence of the *MEMOBJ authority on any server will indicate that server is testing for object rules.

On Insite

  1. From the Network Security Menu, choose Object Lists.
  2. Choose Add.
  3. Name the object list something descriptive that helps you identify the unique set of object(s) that will be included in the list. You may have multiple lists, each with their own objects.
  4. The Type field includes two possible values, which indicate where the objects reside. Select whether you want to create a list of IFS objects (ISF Path) or native objects (Native Objects).
  5. Enter the IFS Path or Native Object Library, Name, and Type. If you would like to add an additional IFS Path or Native Object to the list, click Add IFS Path or Add Native Object, respectively, and enter the object's path or library/name/type. Repeat for additional objects. Choose Save to create the Object List.
  6. Next, on the Network Security menu, choose Object Rules.
  7. Choose Add and specify the User/Location, Object List, Operation, and Data/Object authority.
  8. For Active, choose Yes to activate the Object Rule.
  9. Next, specify which systems should enforce this rule. After "Select which systems to save to", check the desired systems. Or, choose Select All to enforce the Object Rule on all managed systems.
  10. Click Add Server > Function if you would like the Object Rule to apply to specific functions. Choose the server and function, then repeat for any additional server functions.
  11. Finally, save to create the object rule. *MEMOBJ rules are generated based on your selections. Existing *MEMOBJ are listed at the bottom of the Edit Object Rules screen.

 


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 15, 2018